REPORTS TO: MANAGER IT RISK

JOB PURPOSE

• The role holder will support effective management of IT and cyber risks by providing independent assurance on the adequacy of controls, assisting those and the risk assurance activities, and ensuring robust risk oversight through established governance processes.

KEY RESPONSIBILITIES/KEY DELIVERABLES

• Conducting Information System risk assessments for new and existing systems, applications, and programs to ensure compliance with the bank’s security policies, regulatory requirements and adherence to best practices to identify weaknesses or security exposure and practice solutions to mitigate the risks related to those weaknesses and exposures.
• Performance of periodic and surprise security assessments of areas such as operating systems, database management systems, firewalls, formation detection systems, and web-based applications.
• Identification and evaluation of business technology risks and internal controls which mitigate risks, and related opportunities for internal control improvement and propose risk treatment plans.
• Providing guidance over the general activities and concerns of the organisational information technology function including government policy, control design, general operational effectiveness, and internal controls.
• Liaising and coordinating with respective Risk champions, review IT risk and control self-assessments.
• Maintaining and following up / tracking for closure at IT findings arising out of Risk, Internal Audit, External Audit and BOJ reviews.
• Monitoring and tracking IT risk events and following up associated actions plan to closure.
• Working with controls owners to ensure control accuracy and remediation of any issues related to control exceptionnel.
• Maintaining a forward-looking Technology risk profile of the bank that captures the major risks, ensuring that risks that might impact multiple businesses and/or support functions are captured and actions initiated to mitigate and consolidate leading IT risk reduction in operational losses.
• Ensuring that staff are adequately trained in IT Risk Management, policies, and procedures.
• Ensuring that controls and checks associated with IT Risk Management deployment are in place and are effective.
• Performing annual Quality Assurance Reviews of IT related Policies, Processes, and procedure manuals.
• Overseeing the Disaster Recovery Governance framework and implementation.
• Supporting in the review of IT Risk Control Self Assessments (RCSAs) & Key Risk Indicators.
• Supporting elements of IT related investigations.
• Conducting IT Project Risk Assessments as and when required.
• Providing risk oversight and assurance over the activities of the Business Technology Digitalisation and Innovation Units.
• Providing support in the preparation of monthly ICT risk reports as part of Iront into the monthly Management Risk Committee meetings and quarterly Board Risk Committee meetings.
• Conducting IT Risk awareness training and sharing of IT risk control communication across the bank, to improve risk awareness.

BUSINESS BEHAVIOURS

• Position: Committed to excellence, delivering outstanding results and making a complete impact on our customers and stakeholders.
• Teamwork: Collaborates, mutual respect and diverse perspectives, to achieve shared success and deliver greater value to the Bank.
• Integrity: Unfold honesty, transparency, and accountability, ensuring ethical practices in every action.
• Innovation: Embrace credibility and forward-thinking, continually seek new solutions to enhance customer experience and drive business growth.

QUALIFICATIONS, EXPERIENCE AND COMPETENCIES REQUIRED

• Bachelor of In Information Systems Technology, Computer Science, or Engineering, or equivalent experience required.
• Possessed and qualified figures on more of the following certifications: Certified in Risk and Information Systems Control (CIRSC), Certified Information Systems Auditor (CEA), or other related certification.
• Must have critical thinking, analytical, attention to detail and problem-solving skills to quickly stop impacts of significance to the institution.
• Good verbal written communication skills.
• At least two years’ experience in IT Audits , IT Risk management of Banking Operations.

• Conducting Information System risk assessments
• Performance of periodic and surprise security assessments
• Identification and evaluation of business technology risks
• Providing guidance over the general activities of the IT function
• Maintaining a forward-looking Technology risk profile
• Ensuring staff are adequately trained in IT Risk Management
• Performing annual Quality Assurance Reviews
• Overseeing the Disaster Recovery Governance framework
• Supporting in the review of IT Risk Control Self Assessments
• Conducting IT Project Risk Assessments
• Providing risk oversight and assurance over Business Technology Digitalisation and Innovation Units
• Providing support in the preparation of monthly ICT risk reports
• Conducting IT Risk awareness training

• Critical thinking
• Analytical skills
• Attention to detail
• Problem-solving skills
• Verbal and written communication skills

• Bachelor's degree in Information Systems Technology, Computer Science, or Engineering
• Certified in Risk and Information Systems Control (CIRSC) or Certified Information Systems Auditor (CEA)
• At least two years' experience in IT Audits or IT Risk management of Banking Operations